Prisma Cloud Known Issues
Review the list of known issues and deprecation notice on Prisma Cloud.
The following table lists the known issues on Prisma Cloud for the CSPM capabilities. For deprecation notices or upcoming changes, see Look Ahead - Planned Updates. If you have also adopted the Compute and Microsegmentation capabilities, review the respective sections in the Release Notes.
Dashboard widgets don't load for a large data set where the time window is also large.
aws-emr-describe-clusterAPIs now run once every 24 hours to generate alerts. If you have cloud accounts with a significant amount of ECS/EMR resources, the resource status is updated once a day.
AWS CloudTrail in the Osaka region (ap-northeast-3) do not display on the Prisma Cloud administrative console.
This issue requires a fix on AWS. When fixed on AWS, the issue will be automatically resolved on Prisma Cloud.
Fixed in the 22.8.1 release- With this fix, you will now see the correct
gcloud-redis-instances-listresources on the
When integrating Prisma Cloud with Jira, if the Jira
issueTypefield uses space as a separator between the words, such as
New Feature, a 500 Internal Server error occurs while configuring Typeahead fields such as Reporter or Assignee, in a Notification Template. You will be unable to create a Notification Template for Jira with the Typeahead fields.
Workaround: Rename the field to remove the space or add an underscore. For example,
New_Feature. You can then add Typeahead fields in a Notification Template.
If you have configured multiple flow logs for a VPC and if any of the flow logs are incorrectly configured, the flow log status on Prisma Cloud is reported as a warning (Amber). This status does not impact ingestion for all the correctly configured flow logs.
Prisma Cloud may not process some of the delete bucket events, due to which the buckets that you have deleted in the AWS console will be visible in the Prisma Cloud
Prisma Cloud supports user attribution, but there may be some delay when generating user attribution for an alert, even when
Alerts User Attribution
, OKE clusters (Oracle Kubernetes Engine) deployed in Santiago region do not display. You can view resources for other supported regions.
Computetab displays with a provisioning message for Business Edition license on the Prisma Cloud administrative console. The Compute tab should not display for the Business Edition license.
This fix may trigger alerts to be opened or closed as applicable.
When changing the
Maximum time before access keys expirevalue for access keys, it may take up to 15 minutes for the updates to take effect.
On occasion, alerts generated against Network Policies can be less accurate when the policy includes the RQL attribute
dest.resource IN (resource where role.
In these cases, a policy match occurs because the resource such as a web server, ELB, or NAT Gateway either may not have been classified by the engine yet or the classification is no longer applicable when flow logs are analyzed to detect a violation. In such instances, you have to triage and close the alert manually.
When you create an alert rule and specify target resource tags, Prisma Cloud processes only a single resource tag key/value pair properly. Proper processing of multiple resource tags or resource tags with multiple values is not guaranteed. This behavior exists whether you create the alert rule through the Prisma Cloud console or through the CSPM API.
Due to performance challenges with Azure Resource Groups, the auto completion using RQL on the
Investigatepage, is temporarily paused until we address the issue. When you use
azure.resource.groupas an attribute in your query, for example,
config from cloud.resource where azure.resource.group =, you will only see the option to enter a string.
The RQL continues to work as expected and any existing policy or saved search that uses the
azure.resource.groupattribute is not affected.
Alerts generated for policies that reference the
azure-disk-listAPI are resolved and reopened intermittently.
Applies to Prisma Cloud Data Security only
Malware report is not available in PDF format.
Applies to Prisma Cloud Data Security only
The Dashboard displays an error when you select an account group that does not contain any accounts.
The Business Unit Report does not support multi-byte characters used in languages such as Japanese.
The Business Unit Report csv file lists all enabled policies even when there are no open alerts, because there are no resources to scan.
When you enable Dataflow compression for a cloud account, the subnetwork creation status may display a failure message on the onboarding status page. This error displays because the time threshold to create the subnetwork and report completion exceeds the response time threshold on Prisma Cloud.
Workaround—Click to the previous page and click next to load the status page again.
If you have the maximum number of VPCs (5) already created in the project and then you enable flowlog compression, the onboarding fails because Prisma Cloud is unable to add the network needed to enable Dataflow compression. When this happens the remediation steps in the message that displays is incorrect.
The integration status check for Jira displays as yellow instead of red even if the integration is misconfigured.
Recommended For You
Recommended videos not found.